In the latest twist in the ongoing feud between the Pokémon Go community and the app’s creators, The Pokémon Company has sent out at least one cease and desist letter to an independent developer threatening prosecution under the Computer Fraud and Abuse Act. The letter, sent to GitHub user Mila432 and reposted online, contains a detailed breakdown of how the developer violated Pokémon Go’s terms of service with a reverse-engineered application programming interface (API). It also says the developer may be subject to legal action if he or she does not comply with the company’s demands.

“Your actions … potentially violate the Computer Fraud and Abuse Act, a statute that prohibits the unauthorized access of servers and access which exceeds authorization as well as similar state statues,” the letter reads. “And your inducement of others to violate numerous terms of service provisions violates the CFAA.” It’s unclear if The Pokémon Company could actually bring a CFAA lawsuit against someone for breaking the terms of service in this case when there is no material harm done. But it’s certainly not the most outlandish use of the law.

MILA432 REVERSE ENGINEERED AND RELEASED A ‘POKÉMON GO’ API THAT COULD BE USED TO DEVELOP BOTS

Mila432’s API, released online over at code repository GitHub was designed to automate Pokémon Go play. It allows any third-party developer to create bots that could play the game without user input by effectively simulating the software and communicating with the game’s servers. The Pokémon Company says this API violates the Pokémon terms of use, which governs the use of the Pokémon Trainer Club account system for logging into the game. It also allegedly violates the Pokémon Go terms of service, which dictate how users interact with the game, its servers, and any data involved in the communication between the two.

The Pokémon Company has banned Mila432 from accessing any Pokémon-related service, and it’s also asking the developer remove the API from GitHub within seven days. The letter was first received on July 28th and the API remains live over at GitHub, where it has been starred more than 2,250 times. Mila432 was not immediately available for comment.

This appears to be a significant escalation in how Pokémon Go’s creators are handling any abuse of the service. Starting this week, developer Niantic begin restricting how third-party APIs access its servers, effectively breaking many of the popular pokémon-tracking apps used to locate different creatures on a virtual map. This was, according to Niantic CEO John Hanke, a decision the company felt it had to make to ensure the game was played fairly and to reduce the amount of strain being placed on its servers. “We have limited access by third-party services which were interfering with our ability to maintain quality of service for our users and to bring Pokémon GO to users around the world,” Niantic wrote in a Facebook post on Monday.

THE POKÉMON COMPANY HASN’T GONE AFTER MAP MAKERS

So it would seem that Niantic and The Pokémon Company have hard and fast rules on what they will and will not allow with regards to gameplay. They haven’t, however, gone after any of the third-party map makers with legal threats. In fact, the creator of the most popular Pokémon Go mapping API has not received a cease and desist letter, the developer tells The Verge. That API is still available at GitHub as well. Enabling people to use bots to play the game would seem to be where Niantic and The Pokémon Company draw the line. It even now appears hacking and taking advantage of exploits is now a reason for a permanent game ban: